Threat Response provides threat management out of the box, is distributed as a virtual appliance, and seamlessly integrates the following core technology components to deliver real-time responses to security events. No coding is required to integrate with the source and enforcement devices below. If you don't see your device listed, contact us, as we are always developing integrations with other vendors and technologies.

Each time a security event is received by the Event Processor, the system parses the event, extracts critical event information, such as the IP addresses involved in the event, and hands the deconstructed event to the Correlation Engine. The Correlation Engine uses proprietary algorithms along with external data sources, such as reputation data, to provide a deeper understanding of the received event.

Once the event has been processed, it goes to the Rules Engine to determine if the event matches any existing criteria. Matching criteria can include information such as the location of the systems involved in the event or the original severity of the event. If matching criteria are found, the event is automatically mapped to an action in the system.

Using the Workflow System, actions can be configured to be either semi-automated or fully automated, depending on the information in the event. Once an action is in the Workflow System, the action can be approved or rejected, resulting in organization-wide security device updates using the Device Connectors.

Threat Response includes an audit sub-system that provides full audit details about all events, actions and system settings.
